FBI accesses ProxyLogon target servers to disrupt cyber criminals
Wednesday, April 14, 2021
The FBI is now contacting all owners and operators of the systems it accessed, either via their public contact information, or through providers – such as an ISP – that may be able to pass a message on.
Immuniweb’s Ilia Kolochenko said the court-mandated action was probably a “wise move” in the light of the evident fact that many of the server owners had either been unaware of the server’s existence, or had failed to patch it.
“Hacked servers are actively used in sophisticated attacks against other systems, amplify phishing campaigns and hinder investigation of other intrusions by using the breached serves as chained proxies,” said Kolochenko.
“Thus, arguably, such preventive removal may be considered a legitimate self-defence in cyber space. In any case, neither hackers nor server owners will probably complain or file a lawsuit for unwarranted intrusion.
“What is interesting is whether the FBI later transfers the list of sanitised servers to the FTC or state attorney generals for investigation of bad data-protection practices in violation of state and federal laws.” Read Full Article
Infosecurity Magazine: Europol: “Virtually All” Crime Now Has a Digital Element